refactor: migrate Tool Permissions from Settings to /settings/tools
- Remove Tool Permissions form from settings.html; replace with a "Tool Settings →" link that redirects to /settings/tools - Add Confirmation Gate section to tools_settings.html (allow/deny textareas) inside the same form as risk policy — one save covers all - tools_settings.py save handler now writes allow/deny alongside max_risk/whitelist/blacklist into tool_policy.json - Remove /settings/tool-policy POST route from settings.py (no longer needed) - Remove get_tool_policy, save_tool_policy, CONFIRM_REQUIRED imports from settings.py (now owned by tools_settings.py) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -18,8 +18,7 @@ import jwt
|
||||
from fastapi import APIRouter, Form, Request
|
||||
from fastapi.responses import HTMLResponse, RedirectResponse
|
||||
|
||||
from auth_utils import COOKIE_NAME, decode_token, check_credentials, set_password, _read_auth, _write_auth, get_user_channels, get_tool_policy, save_tool_policy
|
||||
from tools import CONFIRM_REQUIRED
|
||||
from auth_utils import COOKIE_NAME, decode_token, check_credentials, set_password, _read_auth, _write_auth, get_user_channels
|
||||
from persona import list_user_personas
|
||||
from config import settings as app_settings
|
||||
|
||||
@@ -119,15 +118,6 @@ def _settings_page(username: str, personas: list[str], back_persona: str = "", s
|
||||
http_allowlist_text = ""
|
||||
html = html.replace("{{ http_allowlist }}", http_allowlist_text)
|
||||
|
||||
# Tool permission policy
|
||||
policy = get_tool_policy(username)
|
||||
tool_allow_text = _html.escape("\n".join(policy.get("allow", [])))
|
||||
tool_deny_text = _html.escape("\n".join(policy.get("deny", [])))
|
||||
confirm_tools_list = _html.escape(", ".join(sorted(CONFIRM_REQUIRED)))
|
||||
html = html.replace("{{ tool_allow }}", tool_allow_text)
|
||||
html = html.replace("{{ tool_deny }}", tool_deny_text)
|
||||
html = html.replace("{{ confirm_required_tools }}", confirm_tools_list)
|
||||
|
||||
persona_items = "\n".join(
|
||||
f'''<li>
|
||||
<a href="/{username}/{p}" class="persona-link">{p}</a>
|
||||
@@ -381,27 +371,6 @@ async def save_notifications(
|
||||
return HTMLResponse(_notifications_page(username, back_persona, success="Notification settings saved."))
|
||||
|
||||
|
||||
@router.post("/settings/tool-policy", include_in_schema=False)
|
||||
async def save_tool_policy_route(
|
||||
request: Request,
|
||||
allow_list: str = Form(""),
|
||||
deny_list: str = Form(""),
|
||||
):
|
||||
username = _get_session_user(request)
|
||||
if not username:
|
||||
return RedirectResponse("/login", status_code=302)
|
||||
|
||||
personas = list_user_personas(username)
|
||||
back_persona = _preferred_persona(request, username)
|
||||
|
||||
allow_tools = [ln.strip() for ln in allow_list.splitlines() if ln.strip()]
|
||||
deny_tools = [ln.strip() for ln in deny_list.splitlines() if ln.strip()]
|
||||
save_tool_policy(username, {"allow": allow_tools, "deny": deny_tools})
|
||||
logger.info("tool policy updated for %s (allow=%d deny=%d)", username, len(allow_tools), len(deny_tools))
|
||||
return HTMLResponse(_settings_page(username, personas, back_persona,
|
||||
success="Tool permission policy saved."))
|
||||
|
||||
|
||||
@router.post("/settings/email-allowlist", include_in_schema=False)
|
||||
async def save_email_allowlist(
|
||||
request: Request,
|
||||
|
||||
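Review bot: In the `persona_items` f-string left as context in the second hunk, `username` and `p` go into the `href` and the link text unescaped, whereas the tool-policy lines this commit removes passed each value through `_html.escape`. If persona names or usernames can contain user-chosen characters, this is an HTML-injection sink on the settings page; render the link text as `{_html.escape(p)}` and percent-encode both path segments with `urllib.parse.quote(..., safe="")` before they reach the `href`. The f-string starts and ends outside the hunk, so escaping may already happen on lines not shown here. Separately, the removed `save_tool_policy_route` checked the session with `_get_session_user` and logged each policy change; the replacement handler in tools_settings.py is not visible on this page and should keep both.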